Applicant : Brian Jacoby et al. Attorney's Docket No.: 06975-203001 / Security 14
Serial No. : 09/894,918
Filed : June 29, 2001
Page : 2 of 13
Amendments to the Claims :
This listing of claims replaces all prior versions and listings of claims in the application:
Listing of Claims :
1. (Currently amended) A method for securing an accessible computer system, the
method comprising:
receiving more than one data packet, [[that]] each data packet including [[includes]] a payload portion and an attribute portion and being [[are]] communicated between at least one access requestor and at least one access provider;
monitoring at least the payload portion of the data packets [[received]] directed from at least one of the access providers to at least one of the access requestors by scanning the payload portion for at least one predetermined pattern and counting a number of data packets having payload portions that include the predetermined pattern; and
denying subsequent access by the access requestor to the access provider when a number of payload portions of the data packets received from the access provider to the access requestor include the predetermined pattern exceed a configurable threshold number.
2. (Canceled).
3. (Previously presented) The method as in claim 1 wherein monitoring the data packets
includes scanning the payload portion while handling the data packets with a switch.
4. (Previously presented) The method as in claim 3 wherein
monitoring the data packet includes monitoring only at least one data packet that is
distinguished.
5. (Previously presented) The method as in claim 1 wherein:
securing the accessible computer system further comprises distinguishing at least one of
the data packets from among the data packets received for additional processing, and
monitoring the payload portion includes monitoring the payload portion of the at least
one data packet distinguished.
6. (Original) The method as in claim 5 wherein the at least one data packet is
distinguished based on an Internet address associated with the data packet.
7. (Previously presented) The method as in claim 1 wherein
monitoring the data packet includes monitoring all of the data packets received.
8. (Canceled).
9. (Currently amended) The method as in claim [[8]] 1 wherein the data packets are
monitored when communicated from the [[client]] access requestor to the [[host]] access provider.
10. (Canceled).
11. (Currently amended) The method as in claim [[8]] 1 wherein the predetermined
pattern includes a login failure message communicated from the [[host]] access provider to the [[client]]
access requestor.
12. (Currently amended) The method as in claim 1 wherein the data packets include a
token-based protocol packet, or a TCP packet or a PPP packet.
13-15. (Canceled).
16. (Currently amended) The method as in claim 1 wherein denying subsequent access
includes affecting bandwidth for communications between the access requestor and the access
provider.
17. (Previously presented) The method as in claim 1 further comprising rerouting the
18. (Canceled).
19. (Currently amended) The method as in claim 1 wherein denying subsequent access
by the access requestor to the access provider includes denying access by the access requestor to
the access provider when a number of payload portions that include the predetermined pattern
exceed a configurable threshold number during a configurable period of time.
20. (Currently amended) A system for securing an accessible computer system,
comprising:
a receiving component that is structured and arranged to receive more than one data packet, [[that]] each data packet including [[includes]] a payload portion and an attribute portion and being [[are]] communicated between at least one access requestor and at least one access provider;
a monitoring component that is structured and arranged to monitor at least the payload portion of the data packets [[received]] directed from at least one of the access providers to at least one of the access requestors and includes a scanning component that is structured and arranged to scan the payload portion for at least one predetermined pattern and to count a number of data packets having payload portions that include the predetermined pattern; and
an access controlling component that is structured and arranged to deny subsequent access by the access requestor to the access provider when a number of payload portions of data packets received from the access provider to the access requestor that include the predetermined pattern exceed a configurable threshold number.
21. (Canceled).
22. (Previously presented) The system of claim 20 wherein the monitoring component
includes a scanning component that is structured and arranged to scan the payload portion while
handling the data packets with a switch.
23. (Previously presented) The system of claim 22 wherein
the monitoring component is structured and arranged to monitor only at least one data
packet that is distinguished.
24. (Previously presented) The system of claim 20 wherein:
the system further comprises a distinguishing component that is structured and arranged
to distinguish at least one of the data packets from among the data packets received for additional
processing, and
the monitoring component is structured and arranged to monitor the payload portion of
the at least one data packet distinguished.
25. (Original) The system of claim 24 wherein the at least one data packet is
distinguished based on an Internet address associated with the data packet.
26. (Previously presented) The system of claim 20 wherein
the monitoring component is structured and arranged to monitor all of the data packets
received.
27. (Canceled).
28. (Currently amended) The system of claim [[27]] 20 wherein the data packets are
monitored when communicated from the [[client]] access requestor to the [[host]] access provider.
29. (Canceled).
30. (Currently amended) The system of claim 20 wherein the predetermined pattern
includes a login failure message communicated from the [[host]] access provider to the access
requestor [[client]].
31. (Currently amended) The system of claim 20 wherein the data packets include a
token-based protocol packet, or a TCP packet or a PPP packet.
32-34. (Canceled).
35. (Original) The system of claim 20 wherein the access controlling component is
structured and arranged to affect bandwidth for communications between the access requestor
and the access provider.
36. (Original) The system of claim 20 wherein the access controlling component is
structured and arranged to reroute the access requestor.
37. (Canceled).
38. (Currently amended) The system of claim 20 wherein the access controlling
component is structured and arranged to deny subsequent access by the access requestor to the
access provider when a number of payload portions that include the predetermined pattern
exceed a configurable threshold number during a configurable period of time.
39. (Currently amended) A computer program stored on a computer readable medium or
a propagated signal for securing an accessible computer system, comprising:
a receiving code segment that causes the computer to receive more than one data packet, [[that]] each data packet including [[includes]] a payload portion and an attribute portion and being [[are]] communicated between at least one access requestor and at least one access provider;
a monitoring code segment that causes the computer to monitor at least the payload portion of the data packets [[received]] directed from at least one of the access providers to at least
one of the access requestors and includes a scanning code segment that causes the computer to
scan the payload portion for at least one predetermined pattern and to count a number of data
packets having payload portions that include the predetermined pattern; and
an access controlling code segment that causes the computer to deny subsequent access
by the access requestor to the access provider when a number of payload portions of the data
packets received from the access provider to the access requestor that include the predetermined
pattern exceed a configurable threshold number.
40. (Canceled).
41. (Previously presented) The computer program of claim 39 wherein the monitoring
code segment includes a scanning code segment that causes the computer to scan the payload
portion while handling the data packets with a switch.
42. (Previously presented) The computer program of claim 41 wherein
the monitoring code segment causes the computer to monitor only at least one data packet
that is distinguished.
43. (Previously presented) The computer program of claim 39 wherein:
the computer program further comprises a distinguishing code segment that causes the
computer to distinguish at least one of the data packets from among the data packets received for
additional processing, and
the monitoring code segment causes the computer to monitor the payload portion of the at
least one data packet distinguished.
44. (Original) The computer program of claim 43 wherein the at least one data packet is
distinguished based on an Internet address associated with the data packet.
45. (Previously presented) The computer program of claim 39 wherein
the monitoring code segment causes the computer to monitor all of the data packets
received.
46. (Canceled).
47. (Currently amended) The computer program of claim [[46]] 39 wherein the data
packets are monitored when communicated from the [[client]] access requestor to the [[host]] access
provider.
48. (Canceled).
49. (Currently amended) The computer program of claim [[46]] 39 wherein the
predetermined pattern includes a login failure message communicated from the [[host]] access
provider to the [[client]] access requestor.
50. (Currently amended) The computer program of claim 39 wherein the data packets
include a token-based protocol packet, or a TCP packet or a PPP packet.
51-53. (Canceled).
54. (Original) The computer program of claim 39 wherein the access controlling code
segment causes the computer to affect bandwidth for communications between the access
requestor and the access provider.
55. (Original) The computer program of claim 39 wherein the access controlling code
segment causes the computer to reroute the access requestor.
56. (Canceled).
57. (Currently amended) The computer program of claim 39 wherein the access
controlling code segment causes the computer to deny subsequent access by the access requestor
to the access provider when a number of payload portions that include the predetermined pattern
exceed a configurable threshold number during a configurable period of time.
58. (New) The method as in claim 1 wherein denying subsequent access by the access
requestor to the access provider further comprises denying subsequent access from a group of
access requestors to the access provider when a number of payload portions within the data
packets received from the access provider to the group of access requestors that include the
predetermined pattern exceed a configurable threshold number.
59. (New) The method of claim 1 further comprising determining whether the access
requestor is on a permitted access list that is associated with the access provider, and when the
access requestor is determined to be included in the permitted access list, allowing subsequent
access from the access requestor to the access provider.
60. (New) The method of claim 59 wherein determining whether the access requestor is
on the permitted access list further comprises determining whether the IP address of the access
requestor is included in the permitted access list.
61. (New) The method of claim 1 wherein subsequent access by the access requestor to
the access provider is denied for a pre-determined period of time.
62. (New) The method of claim 61 wherein denial of subsequent access by the access
requestor starts a new pre-determined time period when a received data packet from the access
provider to the access requestor includes the predetermined pattern.
63. (New) The method of claim 1 wherein denial of subsequent access by the access
requestor is discontinued when data packets communicated from the access provider to the
access requestor no longer include the predetermined pattern for a pre-determined period of time.
64. (New) The method of claim 1 wherein denying subsequent access by the access
requestor is performed in response to a command received from the access provider, irrespective
of the inspection of data packets received from the access provider.
65. (New) The method as in claim 1 wherein monitoring at least the payload portion of
the data packets received from an access provider to an access requestor includes monitoring
data packets communicated by the access provider that are in response to previous access
requests from the access requestor.
66. (New) The method of claim 65 wherein monitoring data packets communicated by
the access provider that are in response to previous access requests from the access requestor
includes monitoring responses provided by the access provider to requests from the access
requestor to login.
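The following Python sketch is an added illustration, not part of the application or its claims, of the steps claims 1, 19, 59, 61, 62 and 63 recite: scanning provider-to-requestor payloads for a predetermined pattern, counting matches per requestor within a configurable period, denying the requestor once a configurable threshold is exceeded, honouring a permitted access list, and lapsing or restarting the denial period. The FTP-style "530 Login incorrect" pattern, the addresses and the timestamps are constructed sample values; the claims only speak of a "login failure message".

```python
from collections import deque


class LoginFailureGuard:
    """Constructed model of the claimed monitor: it sees packets directed from an
    access provider to an access requestor and decides whether the requestor's
    subsequent access should be denied."""

    def __init__(self, pattern=b"530 Login incorrect", threshold=3,
                 window=60.0, deny_period=300.0, permitted=()):
        self.pattern = pattern            # predetermined pattern (constructed sample)
        self.threshold = threshold        # configurable threshold number (claim 1)
        self.window = window              # configurable period of time (claim 19)
        self.deny_period = deny_period    # pre-determined denial period (claim 61)
        self.permitted = set(permitted)   # permitted access list of requestor IPs (claims 59/60)
        self.hits = {}                    # requestor -> deque of match timestamps
        self.denied_until = {}            # requestor -> time at which denial lapses

    def observe(self, requestor, payload, now):
        """Called for each packet the provider sends to `requestor` at time `now`."""
        if self.pattern not in payload:
            return                        # payload portion lacks the pattern: not counted
        until = self.denied_until.get(requestor)
        if until is not None and now < until:
            # claim 62: a matching packet during denial restarts the denial period
            self.denied_until[requestor] = now + self.deny_period
            return
        q = self.hits.setdefault(requestor, deque())
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()                   # drop matches outside the configurable window
        if len(q) > self.threshold and requestor not in self.permitted:
            self.denied_until[requestor] = now + self.deny_period
            q.clear()

    def allowed(self, requestor, now):
        """Claims 61/63: denial is discontinued once the period passes with no new match."""
        until = self.denied_until.get(requestor)
        if until is None:
            return True
        if now >= until:
            del self.denied_until[requestor]
            return True
        return False
```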